Adobe’s recent security breach, which we reported on near the start of the month, is much, much worse than originally reported. While it was initially claimed by the software maker that three million accounts had been compromised, it’s now looking like as many as 38 million may have been affected. Not all accounts were active ones either, as two million accounts that haven’t been logged into for over two years were also illegitimately accessed.
The question at this point on many people’s lips, is why didn’t Adobe tell us earlier? According to one Adobe spokesperson, it only revealed information which it knew to be true.”In our public disclosure, we communicated the information we could validate,” she said.
“As we have been going through the process of notifying customers whose Adobe IDs and passwords we believe to be involved, we have been eliminating invalid records. Any number communicated in the meantime would have been inaccurate.”
She went on to suggest that while usernames and encrypted passwords had been compromised on 38 million accounts, only the original three million had had their credit card information stolen.
Adobe potentially has bigger problems though. In the hack, it’s been suggested that Adobe’s Acrobat PDF viewer software had its source code stolen, which could potentially allow hackers to create malware that exploits very unexpected flaws in the program.
KitGuru Says: Adobe has already forced password changes on a lot of people, but if you have an account there, it might not be a bad idea to change the related email address too.[Cheers BBC]